Confidential data safeguards

Alastair Brown explains how to safeguard business data by ensuring that your policies are up to scratch.

New figures show that High Court cases against employees light shining on one personstealing confidential data from their employers increased by 25 per cent from 2015 to 2016.

A number of factors have contributed towards this rise, including technology making it easier to access data, and increasing staff turnover.

While the figure is lower than it was in 2009, where a high number of redundancies led to 95 cases that year, any increase should be viewed as significant by employers, and they should be seeking to proactively manage their employees to prevent data loss.

Company policy

Well drafted company policies should be introduced and fully implemented. These policies should cover all of the areas that are susceptible to data loss, from a policy on handling confidential data to an email and mobile phone policy. These policies should inform staff of their obligation to keep data safe, set out the rules for handling data, outline how to avoid a data breach and the potential consequences of employee theft.

If any specific company rules are in place, for example, prohibiting the sending of emails to personal email addresses, these must be clearly outlined.


Training should be provided to staff on the rules contained in these policies and how they should handle data to avoid an accidental, or intentional, data breach.

Once a new piece of software or technology is introduced to the business, such as cloud software, further training should be carried out to ensure that staff are aware of the rules.

Terms of confidentiality

To set in place an effective deterrent, employers can introduce contractual clauses around confidentiality. Although there is an implied term of fidelity in all employment contracts, this may not be sufficient to deter staff from stealing confidential data.

Instead, an express term of confidentiality can be included in all contracts for staff who handle confidential data. This will, in many cases, be enough to limit or reduce data theft during employment, as employees will be aware that they will breach their own contract if they do this.

In addition, putting in place well drafted, reasonable restrictive covenants regarding the use of confidential data post-termination will reduce the likelihood of employees stealing data when they leave. This is because they will be aware that any use after their employment ends will be subject to legal action by their previous employer.

Notice periods and garden leave

One of the main areas for data theft will be during the employee’s notice period, as they may be seeking data to take to their new employment or, in extreme cases, looking to punish their previous employer.

To prevent this occurring, garden leave can be put in place by employers. During a period of garden leave, the employee remains employed by the company under their normal contractual terms, including any confidentiality terms, but they do not attend work. This limits their access to systems and data, ensuring they cannot take confidential information during this period.

About the author

Alastair Brown is chief technical officer at people management software company, BrightHR.

Source: Increase in disgruntled employees stealing confidential customer data